Botnet Battle a ‘Game of Whack-a-Mole’

No one ever said policing the Internet was easy. Bot herders control networks of compromised computers sometimes numbering into the thousands. Already, an FBI-led initiative dubbed “Operation Bot Roast” has identified 1 million compromised computers.

On Wednesday, FBI officials laid out charges against three men—Robert Alan Soloway of Seattle, James C. Brewer of Arlington, Texas, and Jason Michael Downey of Covington, Ky.—as part of Operation Bot Roast. But security professionals say bot herders are growing increasingly sophisticated as they search for ways to thwart their opponents.

Officials at Sunnyvale, Calif.-based Mi5 Networks reported seeing bots that connect to multiple command and control servers as well as bots that scan internal networks for different vulnerabilities and then only deliver the exploit payload for which the specific machine is vulnerable. Battling botnets, said Mi5 CEO Doug Camplejohn, has officially turned into a “game of Whack-a-mole.”

“Our findings show that we’ve entered the second phase of botnet evolution in that there’s no longer just a single C&C [command and control] head to cut off,” he said. “Even if you do cut off all the C&C heads, bots keep collecting data and distributing it via peer-to-peer networks.”